{"id":"https://openalex.org/W4296422546","doi":"https://doi.org/10.1145/3544902.3546240","title":"PG-VulNet: Detect Supply Chain Vulnerabilities in IoT Devices using Pseudo-code and Graphs","display_name":"PG-VulNet: Detect Supply Chain Vulnerabilities in IoT Devices using Pseudo-code and Graphs","publication_year":2022,"publication_date":"2022-09-07","ids":{"openalex":"https://openalex.org/W4296422546","doi":"https://doi.org/10.1145/3544902.3546240"},"language":"en","primary_location":{"id":"doi:10.1145/3544902.3546240","is_oa":false,"landing_page_url":"https://doi.org/10.1145/3544902.3546240","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 16th ACM / IEEE International Symposium on Empirical Software Engineering and Measurement","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5100352330","display_name":"Xin Liu","orcid":"https://orcid.org/0000-0003-3685-4852"},"institutions":[{"id":"https://openalex.org/I76214153","display_name":"Lanzhou University","ror":"https://ror.org/01mkqqe32","country_code":"CN","type":"education","lineage":["https://openalex.org/I76214153"]}],"countries":["CN"],"is_corresponding":true,"raw_author_name":"Xin Liu","raw_affiliation_strings":["Lanzhou University, China"],"affiliations":[{"raw_affiliation_string":"Lanzhou University, China","institution_ids":["https://openalex.org/I76214153"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5112127503","display_name":"Yixiong Wu","orcid":null},"institutions":[{"id":"https://openalex.org/I99065089","display_name":"Tsinghua University","ror":"https://ror.org/03cve4549","country_code":"CN","type":"education","lineage":["https://openalex.org/I99065089"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Yixiong Wu","raw_affiliation_strings":["Tsinghua University, China"],"affiliations":[{"raw_affiliation_string":"Tsinghua University, China","institution_ids":["https://openalex.org/I99065089"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5014546112","display_name":"Qingchen Yu","orcid":"https://orcid.org/0000-0001-8311-9370"},"institutions":[{"id":"https://openalex.org/I76130692","display_name":"Zhejiang University","ror":"https://ror.org/00a2xv884","country_code":"CN","type":"education","lineage":["https://openalex.org/I76130692"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Qingchen Yu","raw_affiliation_strings":["Zhejiang University, China"],"affiliations":[{"raw_affiliation_string":"Zhejiang University, China","institution_ids":["https://openalex.org/I76130692"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5038496440","display_name":"Shangru Song","orcid":null},"institutions":[{"id":"https://openalex.org/I125839683","display_name":"Beijing Institute of Technology","ror":"https://ror.org/01skt4w74","country_code":"CN","type":"education","lineage":["https://openalex.org/I125839683","https://openalex.org/I890469752"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Shangru Song","raw_affiliation_strings":["Beijing Institute of Technology, China"],"affiliations":[{"raw_affiliation_string":"Beijing Institute of Technology, China","institution_ids":["https://openalex.org/I125839683"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5100320118","display_name":"Yue Liu","orcid":"https://orcid.org/0000-0003-2958-9923"},"institutions":[{"id":"https://openalex.org/I76569877","display_name":"Southeast University","ror":"https://ror.org/04ct4d772","country_code":"CN","type":"education","lineage":["https://openalex.org/I76569877"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Yue Liu","raw_affiliation_strings":["Southeast University, China and Qi An Xin Group Corp, China"],"affiliations":[{"raw_affiliation_string":"Southeast University, China and Qi An Xin Group Corp, China","institution_ids":["https://openalex.org/I76569877"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5113979790","display_name":"Qingguo Zhou","orcid":null},"institutions":[{"id":"https://openalex.org/I76214153","display_name":"Lanzhou University","ror":"https://ror.org/01mkqqe32","country_code":"CN","type":"education","lineage":["https://openalex.org/I76214153"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Qingguo Zhou","raw_affiliation_strings":["Lanzhou University, China"],"affiliations":[{"raw_affiliation_string":"Lanzhou University, China","institution_ids":["https://openalex.org/I76214153"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5112309175","display_name":"Jianwei Zhuge","orcid":null},"institutions":[{"id":"https://openalex.org/I99065089","display_name":"Tsinghua University","ror":"https://ror.org/03cve4549","country_code":"CN","type":"education","lineage":["https://openalex.org/I99065089"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Jianwei Zhuge","raw_affiliation_strings":["Tsinghua University, China"],"affiliations":[{"raw_affiliation_string":"Tsinghua University, China","institution_ids":["https://openalex.org/I99065089"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":7,"corresponding_author_ids":["https://openalex.org/A5100352330"],"corresponding_institution_ids":["https://openalex.org/I76214153"],"apc_list":null,"apc_paid":null,"fwci":1.9266,"has_fulltext":false,"cited_by_count":8,"citation_normalized_percentile":{"value":0.85288641,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":{"min":90,"max":99},"biblio":{"volume":null,"issue":null,"first_page":"205","last_page":"215"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T10743","display_name":"Software Testing and Debugging Techniques","score":0.9987999796867371,"subfield":{"id":"https://openalex.org/subfields/1712","display_name":"Software"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T10743","display_name":"Software Testing and Debugging Techniques","score":0.9987999796867371,"subfield":{"id":"https://openalex.org/subfields/1712","display_name":"Software"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10260","display_name":"Software Engineering Research","score":0.9973999857902527,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T12423","display_name":"Software Reliability and Analysis Research","score":0.9972000122070312,"subfield":{"id":"https://openalex.org/subfields/1712","display_name":"Software"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.8218055963516235},{"id":"https://openalex.org/keywords/vulnerability","display_name":"Vulnerability (computing)","score":0.531114399433136},{"id":"https://openalex.org/keywords/code","display_name":"Code (set theory)","score":0.5032760500907898},{"id":"https://openalex.org/keywords/software","display_name":"Software","score":0.4748024046421051},{"id":"https://openalex.org/keywords/overhead","display_name":"Overhead (engineering)","score":0.4724809527397156},{"id":"https://openalex.org/keywords/internet-of-things","display_name":"Internet of Things","score":0.44778335094451904},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.35508036613464355},{"id":"https://openalex.org/keywords/embedded-system","display_name":"Embedded system","score":0.34603333473205566},{"id":"https://openalex.org/keywords/distributed-computing","display_name":"Distributed computing","score":0.3273463249206543},{"id":"https://openalex.org/keywords/operating-system","display_name":"Operating system","score":0.09673762321472168}],"concepts":[{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.8218055963516235},{"id":"https://openalex.org/C95713431","wikidata":"https://www.wikidata.org/wiki/Q631425","display_name":"Vulnerability (computing)","level":2,"score":0.531114399433136},{"id":"https://openalex.org/C2776760102","wikidata":"https://www.wikidata.org/wiki/Q5139990","display_name":"Code (set theory)","level":3,"score":0.5032760500907898},{"id":"https://openalex.org/C2777904410","wikidata":"https://www.wikidata.org/wiki/Q7397","display_name":"Software","level":2,"score":0.4748024046421051},{"id":"https://openalex.org/C2779960059","wikidata":"https://www.wikidata.org/wiki/Q7113681","display_name":"Overhead (engineering)","level":2,"score":0.4724809527397156},{"id":"https://openalex.org/C81860439","wikidata":"https://www.wikidata.org/wiki/Q251212","display_name":"Internet of Things","level":2,"score":0.44778335094451904},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.35508036613464355},{"id":"https://openalex.org/C149635348","wikidata":"https://www.wikidata.org/wiki/Q193040","display_name":"Embedded system","level":1,"score":0.34603333473205566},{"id":"https://openalex.org/C120314980","wikidata":"https://www.wikidata.org/wiki/Q180634","display_name":"Distributed computing","level":1,"score":0.3273463249206543},{"id":"https://openalex.org/C111919701","wikidata":"https://www.wikidata.org/wiki/Q9135","display_name":"Operating system","level":1,"score":0.09673762321472168},{"id":"https://openalex.org/C177264268","wikidata":"https://www.wikidata.org/wiki/Q1514741","display_name":"Set (abstract data type)","level":2,"score":0.0},{"id":"https://openalex.org/C199360897","wikidata":"https://www.wikidata.org/wiki/Q9143","display_name":"Programming language","level":1,"score":0.0}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1145/3544902.3546240","is_oa":false,"landing_page_url":"https://doi.org/10.1145/3544902.3546240","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 16th ACM / IEEE International Symposium on Empirical Software Engineering and Measurement","raw_type":"proceedings-article"}],"best_oa_location":null,"sustainable_development_goals":[],"awards":[{"id":"https://openalex.org/G6459143498","display_name":null,"funder_award_id":"U1936121","funder_id":"https://openalex.org/F4320321001","funder_display_name":"National Natural Science Foundation of China"}],"funders":[{"id":"https://openalex.org/F4320321001","display_name":"National Natural Science Foundation of China","ror":"https://ror.org/01h0zpd94"}],"has_content":{"grobid_xml":false,"pdf":false},"content_urls":null,"referenced_works_count":20,"referenced_works":["https://openalex.org/W200653874","https://openalex.org/W1690253345","https://openalex.org/W1942295288","https://openalex.org/W1984978725","https://openalex.org/W1992114977","https://openalex.org/W2012604743","https://openalex.org/W2127637733","https://openalex.org/W2144344516","https://openalex.org/W2532962075","https://openalex.org/W2547625248","https://openalex.org/W2577142429","https://openalex.org/W2749008552","https://openalex.org/W2886694146","https://openalex.org/W2888320512","https://openalex.org/W2888698761","https://openalex.org/W2898829570","https://openalex.org/W2963408280","https://openalex.org/W2997915791","https://openalex.org/W3085647877","https://openalex.org/W3105926539"],"related_works":["https://openalex.org/W4311097251","https://openalex.org/W4245926026","https://openalex.org/W2586548817","https://openalex.org/W2625093826","https://openalex.org/W2950174689","https://openalex.org/W4200598720","https://openalex.org/W2921026492","https://openalex.org/W4361251261","https://openalex.org/W3031181660","https://openalex.org/W4285201139"],"abstract_inverted_index":{"Background:":[0],"With":[1],"the":[2,8,20,32,49,168,184],"boosting":[3],"development":[4],"of":[5,11,36,44,51,110,141],"IoT":[6,12,52,72,192],"technology,":[7],"supply":[9,66,123,189],"chains":[10],"devices":[13],"become":[14],"more":[15,29,60],"powerful":[16],"and":[17,19,34,63,98,107,117,152,164,194],"sophisticated,":[18],"security":[21,50],"issues":[22],"introduced":[23,186],"by":[24,187],"code":[25,39],"reuse":[26],"are":[27],"becoming":[28],"prominent.":[30],"Therefore,":[31],"detection":[33,41,69,93,139,162],"management":[35],"vulnerabilities":[37,125,175,185],"through":[38],"similarity":[40],"technology":[42],"is":[43,88,195],"great":[45],"significance":[46],"for":[47,71,80,198],"protecting":[48],"devices.":[53,73],"Aim:":[54],"We":[55],"aim":[56],"to":[57,112,121,156],"propose":[58],"a":[59,89],"accurate,":[61],"parallel-friendly,":[62],"realistic":[64],"software":[65,188],"chain":[67,124,190],"vulnerability":[68,92],"solution":[70,94],"Method:":[74],"This":[75],"paper":[76],"presents":[77],"PG-VulNet,":[78],"standing":[79],"Vulnerability-detection":[81],"Network":[82,101],"based":[83,95,126],"on":[84,96,127],"Pseudo-code":[85],"Graphs.":[86],"It":[87],"\u201dmulti-model\u201d":[90],"cross-architecture":[91],"pseudo-code":[97,111],"Graph":[99],"Matching":[100],"(GMN).":[102],"PG-VulNet":[103,135,158,171,180,205],"extracts":[104],"both":[105],"behavioral":[106],"structural":[108],"features":[109],"build":[113],"customized":[114],"feature":[115],"graphs":[116],"then":[118],"uses":[119],"GMN":[120],"detect":[122,183],"these":[128],"graphs.":[129],"Results:":[130],"The":[131],"experiments":[132],"show":[133],"that":[134],"achieves":[136],"an":[137],"average":[138],"accuracy":[140],"99.14%,":[142],"significantly":[143],"higher":[144],"than":[145],"existing":[146,203],"approaches":[147],"like":[148],"Gemini,":[149],"VulSeeker,":[150],"FIT,":[151],"Asteria.":[153],"In":[154,167],"addition":[155],"this,":[157],"also":[159],"excels":[160],"in":[161,176,191],"overhead":[163],"false":[165],"alarms.":[166],"real-world":[169],"evaluation,":[170],"detected":[172],"690":[173],"known":[174],"1,611":[177],"firmwares.":[178],"Conclusions:":[179],"can":[181],"effectively":[182],"firmwares":[193],"well":[196],"suited":[197],"large-scale":[199],"detection.":[200],"Compared":[201],"with":[202],"approaches,":[204],"has":[206],"significant":[207],"advantages.":[208]},"counts_by_year":[{"year":2026,"cited_by_count":1},{"year":2025,"cited_by_count":3},{"year":2024,"cited_by_count":3},{"year":2023,"cited_by_count":1}],"updated_date":"2026-04-06T07:47:59.780226","created_date":"2025-10-10T00:00:00"}